WORM_SOBER.S
Also known as: CME-456
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Sober.p (Kaspersky), W32/Sober.p@MM!zip (McAfee), W32.Sober.O@mm!enc (Symantec), W32/Sober-N (Sophos), Worm:Win32/Sober.Q@mm!CME456 (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

As of May 2, 2005 11:50 AM (PDT/GMT -8:00), TrendLabs has declared a Medium risk alert in order to control this new SOBER variant that is currently spreading in Germany and the United States.

To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

WORM_SOBER.S Behavior Diagram

Description

This worm spreads by mass-mailing copies of itself using its own SMTP (Simple Mail Transfer Protocol) engine. It gathers its target recipients from files with certain extension names. Notably, it avoids sending messages to addresses that contain specific strings.
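Because the worm carries its own SMTP engine, an infected workstation opens port 25 connections straight to external mail servers instead of going through the organization's mail relay. The following added example (not part of the original description) flags that pattern in connection logs; the log format, network range, relay address and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the original page): log format, addresses, thresholds.
INTERNAL_NET = ip_network("10.0.0.0/8")
MAIL_RELAYS = {ip_address("10.0.0.25")}  # only hosts allowed to send SMTP outbound
WINDOW = timedelta(minutes=5)
MIN_DISTINCT_SERVERS = 3

# Constructed sample lines: "<ISO time> <src> <dst> <dst port>"
SAMPLE_LOG = """\
2005-05-02T12:00:01 10.0.0.25 192.0.2.10 25
2005-05-02T12:00:05 10.0.3.17 192.0.2.10 25
2005-05-02T12:00:09 10.0.3.17 198.51.100.7 25
2005-05-02T12:00:30 10.0.3.17 203.0.113.44 25
2005-05-02T12:01:00 10.0.4.8 192.0.2.10 80
2005-05-02T12:02:00 10.0.5.9 192.0.2.10 25
2005-05-02T12:30:00 10.0.5.9 198.51.100.7 25
2005-05-02T13:10:00 10.0.5.9 203.0.113.44 25
"""

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)

def direct_smtp_senders(log_text):
    """Map each non-relay internal host to the most distinct external SMTP
    servers it contacted within any WINDOW, if that reaches the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = parse(line)
        if port != 25 or src in MAIL_RELAYS:
            continue  # not SMTP, or the sanctioned relay doing its job
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            events[src].append((ts, dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort(key=lambda h: h[0])
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in hits[start:end + 1]}))
        if best >= MIN_DISTINCT_SERVERS:
            flagged[str(src)] = best
    return flagged
```

Blocking outbound port 25 from everything except the relay makes the same traffic show up as firewall denies, which this logic can consume unchanged.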

Using social engineering techniques, it sends out an email supposedly sent by the soccer organization FIFA, informing recipients that they won tickets for the upcoming FIFA World Cup 2006 in Germany. It also sends email messages in English or in German, depending on the country-level domains of the gathered addresses.

Social engineering, a propagation technique that is widely used by most worm programs, relies largely on computer users' instinctive tendency to open email messages, execute attachments that are enticing and apparently harmless, and download and unknowingly open attractively named files.

Below are sample messages this worm sends out:

Sample email message

Sample email message

This worm also tries to download and execute a file detected as WORM_SOBER.U from certain Web sites.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 2, 2005 9:56:45 AM GMT -0800
